]> gitweb.fluxo.info Git - puppet-firewall.git/commitdiff
Updates some firewall::virtual rules to new kvm scheme
authorSilvio Rhatto <rhatto@riseup.net>
Thu, 9 Jun 2016 20:52:57 +0000 (17:52 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Thu, 9 Jun 2016 20:52:57 +0000 (17:52 -0300)
manifests/virtual/gitd.pp
manifests/virtual/gobby.pp
manifests/virtual/http.pp
manifests/virtual/https.pp
manifests/virtual/mail.pp

index 23095aa74d1f08ca4d113cac59297f78b061d5e8..02c4fb9d352ec0d7e440ab6fb503027c8ee7b3d4 100644 (file)
@@ -1,18 +1,19 @@
-class firewall::virtual::gitd($destination, $zone = 'fw') {
+class firewall::virtual::gitd($destination) {
   shorewall::rule { 'git-daemon-1':
     action          => 'DNAT',
     source          => 'net',
-    destination     => "$zone:$destination:9418",
+    destination     => "vm:$destination:9418",
     proto           => 'tcp',
     destinationport => '9418',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 800,
   }
 
   shorewall::rule { 'git-daemon-2':
     action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:9418",
+    source          => 'vm',
+    destination     => "fw:$destination:9418",
     proto           => 'tcp',
     destinationport => '9418',
     originaldest    => hiera('firewall::external_ip', $::ipaddress),
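Review bot: `git-daemon-2` now targets `"fw:$destination:9418"` while `git-daemon-1` targets `"vm:$destination:9418"`, so the same address is declared to live in two different Shorewall zones. If `$destination` is the guest's address, the `fw:` form would presumably place the accompanying ACCEPT in the vm-to-firewall chain rather than the one forwarded guest traffic traverses, leaving the redirected connection to the zone policy; this should be checked against the compiled ruleset. The same `fw:$destination` pattern is used by the vm-sourced rules in gobby.pp, http.pp, https.pp and mail.pp. A comment above each vm-sourced rule stating its purpose, e.g. `# guests reaching the service through the external address`, would record the intent for the next audit. The `git-daemon-2` resource continues outside the hunk.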
index 5554a1103511786e9d6e913bb50fcf3203ae2b71..162fe1de536ec87dc1abe39c33a6c0245d31850f 100644 (file)
@@ -1,10 +1,22 @@
-class firewall::virtual::gobby($destination, $zone = 'fw') {
+class firewall::virtual::gobby($destination) {
   shorewall::rule { 'gobby-0':
+    action          => 'DNAT',
+    source          => 'vm',
+    destination     => "fw:$destination:6523",
+    proto           => 'tcp',
+    destinationport => '6523',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    ratelimit       => '-',
+    order           => 2400,
+  }
+
+  shorewall::rule { 'gobby-1':
     action          => 'DNAT',
     source          => 'net',
-    destination     => "$zone:$destination:6523",
+    destination     => "vm:$destination:6523",
     proto           => 'tcp',
     destinationport => '6523',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2400,
   }
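Review bot: Removing `$zone` from the class signature means any node or profile that still declares `firewall::virtual::gobby` with `zone => ...` would fail catalog compilation, and on a firewall host that most likely leaves the previous ruleset in place with no rule-level signal. The same signature change is made in gitd.pp, http.pp, https.pp and mail.pp, and the callers are not visible here. Keeping `$zone = undef` for one release and calling `warning()` when it is set would make the transition explicit. The title `gobby-0` also changes meaning: it now names the new vm-sourced rule, while the net-sourced rule moves to `gobby-1`, both at `order => 2400`.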
index b1e7faa1f48cbc563cc8db343545638d8bd1fe8e..efd3dca393c7b8c7e01d98ff0df63d6969b30b7f 100644 (file)
@@ -1,18 +1,19 @@
-class firewall::virtual::http($destination, $zone = 'vm') {
+class firewall::virtual::http($destination) {
   shorewall::rule { 'http-route-1':
     action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:80",
+    source          => 'vm',
+    destination     => "fw:$destination:80",
     proto           => 'tcp',
     destinationport => '80',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 600,
   }
 
   shorewall::rule { 'http-route-2':
     action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:80",
+    source          => 'net',
+    destination     => "vm:$destination:80",
     proto           => 'tcp',
     destinationport => '80',
     originaldest    => hiera('firewall::external_ip', $::ipaddress),
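Review bot: The `$FW`-sourced rule is replaced rather than kept, so connections that originate on the firewall host itself to the external address on port 80 no longer match any DNAT rule in this class. If anything on the host (monitoring, a local proxy) relied on that path it would stop working without any error at compile time; gitd.pp, https.pp and mail.pp make the same swap. The titles are also inconsistent across the commit: in gitd.pp `-1` is the net-sourced rule and `-2` the vm-sourced one, while here `http-route-1` is vm-sourced, and one fixed order would make the rule sets easier to audit. The `http-route-2` resource continues outside the hunk.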
index ea900d86073561cb623ea80a1dd4022a7fcb8279..36e0c9f7169dc89f630e694975e90fe94bbf7dc3 100644 (file)
@@ -1,18 +1,19 @@
-class firewall::virtual::https($destination, $zone = 'vm') {
+class firewall::virtual::https($destination) {
   shorewall::rule { 'https-route-1':
     action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:443",
+    source          => 'vm',
+    destination     => "fw:$destination:443",
     proto           => 'tcp',
     destinationport => '443',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
     order           => 602,
   }
 
   shorewall::rule { 'https-route-2':
     action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:443",
+    source          => 'net',
+    destination     => "vm:$destination:443",
     proto           => 'tcp',
     destinationport => '443',
     originaldest    => hiera('firewall::external_ip', $::ipaddress),
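Review bot: Every rule in this class is now bound to `hiera('firewall::external_ip', $::ipaddress)`, and the `$::ipaddress` fallback is fragile on a virtualisation host. With bridge or tap interfaces present the fact may not resolve to the public address, in which case the DNAT rules would match the wrong original destination and the service would be unreachable without any error. Dropping the default, `originaldest => hiera('firewall::external_ip'),`, turns a missing key into a catalog compilation failure instead. This applies equally to the `originaldest` lines added in gitd.pp, gobby.pp, http.pp and mail.pp. The `https-route-2` resource continues outside the hunk.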
index 83589cea3e108ed4ab852c7bdfc1b0a3cd222455..75eec5f57633c96bde77cdb4a699b245f923c4b5 100644 (file)
@@ -1,18 +1,19 @@
-class firewall::virtual::mail($destination, $zone = 'fw') {
+class firewall::virtual::mail($destination) {
   shorewall::rule { 'mail-1':
     action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:25",
+    source          => 'vm',
+    destination     => "fw:$destination:25",
     proto           => 'tcp',
     destinationport => '25',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 1000,
   }
 
   shorewall::rule { 'mail-2':
     action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:25",
+    source          => 'net',
+    destination     => "vm:$destination:25",
     proto           => 'tcp',
     destinationport => '25',
     originaldest    => hiera('firewall::external_ip', $::ipaddress),
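Review bot: The new destinations interpolate without braces; `destination => "fw:${destination}:25",` is the form puppet-lint expects and makes the end of the variable name unambiguous next to the `:` separators. The same applies to every rewritten `destination` line in this file and in gitd.pp, gobby.pp, http.pp and https.pp. mail.pp also repeats the vm-sourced/net-sourced pair three times (ports 25, 993 and 587), so a zone or `originaldest` change has to be made in six places; comparing the three pairs against each other before merge is worthwhile. The `mail-2` resource continues outside the hunk.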
@@ -22,18 +23,19 @@ class firewall::virtual::mail($destination, $zone = 'fw') {
 
   shorewall::rule { 'mail-3':
     action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:993",
+    source          => 'vm',
+    destination     => "fw:$destination:993",
     proto           => 'tcp',
     destinationport => '993',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
     order           => 1002,
   }
 
   shorewall::rule { 'mail-4':
     action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:993",
+    source          => 'net',
+    destination     => "vm:$destination:993",
     proto           => 'tcp',
     destinationport => '993',
     originaldest    => hiera('firewall::external_ip', $::ipaddress),
@@ -43,18 +45,19 @@ class firewall::virtual::mail($destination, $zone = 'fw') {
 
   shorewall::rule { 'mail-5':
     action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:587",
+    source          => 'vm',
+    destination     => "fw:$destination:587",
     proto           => 'tcp',
     destinationport => '587',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => hiera("firewall::ssl_ratelimit", '-'),
     order           => 1004,
   }
 
   shorewall::rule { 'mail-6':
     action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:587",
+    source          => 'net',
+    destination     => "vm:$destination:587",
     proto           => 'tcp',
     destinationport => '587',
     originaldest    => hiera('firewall::external_ip', $::ipaddress),